Tag Archive for Cybersecurity

Opening Statements
▼Never before has it been possible for one person to potentially affect an entire Nation‟s security.
▼In 1999 (10 years ago), two Chinese Colonels published a book called “Unrestricted Warfare” that advocated “not fighting” the U.S. directly, but “understanding and employing the principle of asymmetry correctly to allow us [the Chinese] always to find and exploit an enemy’s soft spots.”
▼The idea that a less-capable foe can take on a militarily superior opponent also aligns with the views of the ancient Chinese general, Sun Tzu. In his book “The Art of War,” the strategist advocates stealth, deceptionand indirect attackto overcome a stronger opponent in battle.

• Execute the responsibilities created by the Homeland Security Act of 2002:
– Access, receive, and analyze law enforcement, intelligence, and other information from federal, state, and local agencies and private sector entities to:
• Identify and assess the nature and scope of terrorist threats
• Detect and identify threats to the United States
• Understand threats in light of actual and potential vulnerabilities
– Carry out comprehensive assessments to determine the risk posed by terrorist attacks
• Outreach plays a critical role in the mission
– The CTB provides threat briefings and teleconferences to:
• Sector Coordinating Councils
• Government Coordinating Councils
• Key industry associations

“ In the near future, information warfare will control the form and future of war…Our sights must not be fixed on the fire-power of the industrial age; rather, they must be trained on the information warfare of the information age. ”
–Major General Wang Pufeng, Peoples Liberation Army, China

The National Cyber Security Division (NCSD) United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security (DHS) and the public and private sectors. Established in 2003 to protect the nation’s internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. The organization interacts with federal agencies, state and local governments, industry professionals, and others to improve information sharing and incident response coordination and to reduce cyber threats and vulnerabilities.

Since 2005, GAO has reported that DHS has yet to comprehensively satisfy its key cybersecurity responsibilities, including those related to establishing effective partnerships with the private sector. Shortcomings exist in key areas that are essential for DHS to address in order to fully implement its cybersecurity responsibilities (see table). DHS has since developed and implemented certain capabilities, but still has not fully satisfied aspects of these responsibilities and needs to take further action to enhance the public/private partnerships needed to adequately protect cyber critical infrastructure. GAO has also previously reported on significant security weaknesses in systems supporting two of the department’s programs, one that tracks foreign nationals entering and exiting the United States, and one for matching airline passenger information against terrorist watch-list records. DHS has corrected information security weaknesses for systems supporting the terrorist watch-list, but needs to take additional actions to mitigate vulnerabilities associated with systems tracking foreign nationals.

The President directed a 60-day, comprehensive, “clean-slate” review to assess U.S. policies and structures for cybersecurity. Cybersecurity policy includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. The scope does not include other information and communications policy unrelated to national security or securing the infrastructure. The review team of government cybersecurity experts engaged and received input from a broad cross-section of industry, academia, the civil liberties and privacy communities, State governments, international partners, and the Legislative and Executive Branches. This paper summarizes the review team’s conclusions and outlines the beginning of the way forward towards a reliable, resilient, trustworthy digital infrastructure for the future.

Cyberspace and its associated technologies offer unprecedented opportunities to the United States and are vital to our Nation’s security and, by extension, to all aspects of military operations. Yet our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security. To address this risk effectively and to sccure freedom of action in cyberspace, the Department of Defense requires a command that posscsses the required technical capability and remains fbcused on the integration or cyberspace operations. Further, this command must be capable or synchronizing wartIghting effects across the global security environment as well as providing support to civil authorities and intemnational partners.